package com.im.web.config;

import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;

import static com.im.common.Constants.USER_AUTHORITY;

/**
 * @author gongym
 * @date 2018/11/25 22:07
 */
@Configuration
@EnableResourceServer
public class Oauth2Config extends ResourceServerConfigurerAdapter {
  @Override
  public void configure(HttpSecurity http) throws Exception {
    http.cors()
        .and()
        .csrf()
        .disable()
        .authorizeRequests()
        .antMatchers("/api")
        .authenticated()
        .antMatchers("/api")
        .hasAuthority(USER_AUTHORITY);
  }
}
